ISO/IEC 20000 Certification in Iraq

ISO 20000 standard and its Certification

About ISO 20000 standard

ISO 20000:2018 is the international standard for IT Service Management (ITSM), published by ISO (the International Organization for Standardization), and IEC (the International Electoral Commission). ISO 20000 had to be agreed upon by most of the member countries, which means it is accepted by a majority of countries globally.

ISO 20000 Certification Iraq

It represents a consolidated set of management procedure which constitutes a service management system for the productive distribution of services to the business and its stakeholders.

The standard explains a set of management system processes designed to deliver more effective IT services (both to those within your organization and your customers). ISO 20000 gives you the framework to help you manage your ITSM, while allowing you to prove your company follows best practice. With the standard requirements, you will achieve the best practices to improve your delivery of IT services.

What is new in ISO 20000 standard

  1. A new high-level document structure has been introduced in line with other management system standards, making it easier for organizations to comply with several standards such as ISO 9001 (Quality Management) or ISO 27001 (Information Security Management).
  2. Terms and definitions have been revised to include terms specific to management system standards.
  3. Clauses have been revised or added to take into account the growing trends in service management, such as commoditized services and the management of multiple service providers by a service integrator.
  4. Some detail has been removed to allow organizations more flexibility in fulfilling the requirements.
  5. An explicit requirement to “establish, implement, maintain and continually improve a service management system (SMS)” has been introduced.
  6. References to the “PDCA” (“Plan-Do-Check-Act”) methodology have been deleted because many improvement methods can be used with management system standards.
  7. New requirements for context of the organization and actions to address risks and opportunities have been added.
  8. Requirements for documented information, resources, competence, and awareness have been updated.
  9. Additional requirements for service planning, knowledge, asset management, demand management, and service delivery have been inserted.
  10. Requirements for incident management and service request management have been separated out into two sets of requirements.

About ISO 20000 Certification:

ISO 20000 Certification is an activity of verifying the organization through planned and informed ISO audits to confirm that the organization complies with the standard requirement of ISO 20000.
ITSM ISO 20000 is IT Service Management System Standard that specifies ISO 20000 Certification requirements for the service provider to plan, establish, implement and maintain ISO 20000 Controls for an effective SMS Service Management System within an organization.

ISO 20000 Controls are implemented through documented requirements of ISO 20000 Standard clauses by organizations requiring assurance that their service requirements are fulfilled.
For an Organization to obtain the ISO/IEC 20000 certification, it has to engage the services of a Certification Body. IAS is an ISO Certification Bodies in Iraq. IAS conducts auditing and providing ISO 20000 certification in Iraq and also for various standards.

Coverage of ISO 20000 Certification in Iraq:

IAS is one of the highly performing as ISO Certification Bodies in Iraq. IAS conducts auditing and providing ISO 20000 certification in Iraq and also for various standards in Iraq. It also delivers ISO 20000 Internal Auditor Training, and ISO 20000 Awareness/Foundation Training in Iraq. All these certification and Training services by IAS for the country is managed from its office in Iraq.

To know more about ISO 20000 – D Quality Management System and its certification

Process to obtain an ISO Certification:

  • Contact IAS by sending the application and call us for a free discussion and we can guide you in getting the ISO 20000 Certification.
  • Based on the Application form submitted by your organization, IAS initiates ISO certification process for your company. Your application will be scrutinized and IAS will come out with the plan to conduct audits. Our staff will be in touch with you to discuss and help you in the certification process. Check more detailed ISO certification procedure.
  • Plan and implement ISO 20000 standards requirements through documented Information(how this standard is practiced, monitored and continually improved).
Certification Audit: If the company approves the ISO/IEC 20000 certification proposal, it then carries out the certification audit. This audit is basically composed of two phases:
  • Stage 1: The audit team prepares an Audit Plan, which must contain all issues to be reviewed at this phase. The activities carried out in this stage 2 are basically the review of documentation generated by the company, i.e. mainly procedures, technical instructions, etc., and everything related to Management System (PDCA). Also, the company will plan dates and activities that will take place in the next stage, stage 2. As a result of stage 1, the audit team will develop and deliver an audit report to the company, which reflects all the detected deviations. So, the purpose of the stage 1 audit, also called Documentation Review, is to check whether the documentation is compliant with ISO/IEC 20000.

  • Stage 2: As in stage 1, the audit team will prepare an Audit Plan for this phase, which will contain all the things to do and all the people involved. In this second stage 2 the audit team will review everything that has been pending management system and PDCA + operational implementation of all ISO/IEC 20000 processes. As a result of this phase, an Audit Report is generated, which will contain all deviations from stage 2, plus the deviations that have not been treated in stage 1. stage 2 audit is to check whether the activities and processes in a company are compliant with the standard and with the documentation.

  • Receiving the Certificate: If the company closes all Nc’s of the report presented by the audit team and presents the necessary evidence to the Certification Body, the Certification Body finally approves the granting of the certificate to the company. The most common issue is that the certificate is granted, but sometimes may be rejected, due to the immaturity of the system.

  • Surveillance Audits: ISO certificate have 3 years validity, during which surveillance visits are conducted in the next 2 years, the company will have to face further audits each in a year.

  • Recertification Audit: After 3 years, when the certificate will expire, the company will have to face a recertification audit to maintain the certificate.

Benefits of obtaining ISO 20000 certification:

Customers won’t take kindly to downtime, slow performance, and delayed requests, so you need to do all you can to keep things running as smoothly as possible.

To achieve a high quality of service in your organization. ISO 20000 implementation ensures the international IT service management (ITSM) standard, and describes the processes and functions that align IT with organizational goals.

By obtaining the certification, organizations can evaluate how effectively they deliver managed services, measure service levels, and assess their performance. ISO 20000 IS linked with  ITIL®, which is the most common approach for IT service management, Organisations that implementing

ISO 20000 standard can:
  • Demonstrate reliability and high quality of service;
  • Access to key markets in the world, as many public-sector organizations makes mandatory that their IT service providers demonstrate compliance with ISO 20000.
  • Assure clients that their service requirements will be fulfilled;
  • induce a measurable level of effectiveness and continual improvement by enabling service providers to monitor, measure and review their service management processes.
  • Reduce the costs of conformance to many regulations, including the Payment Card Industry Data Security Standard(PCI DSS) and Sarbanes–Oxley;
  • Access additional material on security management and managing suppliers and the business.

What an Organization should do to achieve certification?

  • Call IAS for conducting Audit and discuss audit procedure specific to your organization
  • Implement ISO 20000-Quality Management System in your organization. (E.g. Documenting, training the staffs with Awareness and Internal Audit, practicing the system etc)
  • Conduct at least one internal Audit program through trained QMS Internal Auditors.
  • Compile the collected data and complete the analysis.
  • Conduct a Management review with the help of analyzed data and effect the decision towards improving the Organization’s performance in line with company objectives & goals.
  • Complete the audit successfully. (Stage 1 and Stage 2)
  • Closure of Non-conformance, if any.
  • Collect and maintain the ISO 9001 certification.
  • Comply with the surveillance audit annually.
WhatsApp chat